<?php
ob_start();
require 'auth.php';
require '../config/config.php';

if(!isset($_POST['submit'])){
	header("Location: ../news.php");
	exit();
}
mydb_connect();

$title= $_POST['title'];
$description= $_POST['description'];
$video = $_POST['video'];
$category= $_POST['category'];
$content = $_POST['content'];
if($description == " " || $title == " " || $content == " " || $category== "" || $section== ""){
	die("Error: Empty fields aren't accepted. <a href='../news.php'><< Go back</a>");
}if(isset($_POST['isSelf']) && $_POST['isSelf']=="yes"){
	$author_id = $_SESSION['USER_ID'];
	$physical_author_id = $_SESSION['USER_ID'];
}
else{
	$author_id = $_POST['other-author-id'];
	$physical_author_id = $_SESSION['USER_ID'];
}
$section = $_POST['section'];

$path = "../images/";

	$valid_formats = array("jpg", "png", "gif", "bmp","JPG","PNG","GIF","BMP","jpeg","JPEG");
	//if(isset($_POST) and $_SERVER['REQUEST_METHOD'] == "POST")
		//{
			$name = $_FILES['img_name']['name'];
			$size = $_FILES['img_name']['size'];
			$r=10;
			if(strlen($name))
				{
					$r =1;
					list($txt, $ext) = explode(".", $name);
					$ext = pathinfo($name, PATHINFO_EXTENSION);
					if(in_array($ext,$valid_formats))
					{
						$r =2;
					if($size<(1024*1024))
						{
							$r =3;
							
							$actual_image_name = time().substr(str_replace(" ", "_", $txt), 5).".".$ext;
							$tmp = $_FILES['img_name']['tmp_name'];
								
									$r =4;
									$select_past_image = $conn->prepare("SELECT * FROM `news` WHERE id=:id");
									$select_past_image->execute(array('id' => $_POST['id']));
									$row_past_image = $select_past_image->fetch();
									$image = $row_past_image['img_name'];
									$delete = unlink("../images/" . $image);
									if(!$delete){
										echo "NOT";
										//exit();
									}
									//echo "<img src='uploads/".$actual_image_name."'  class='preview'>";
									$authorSelect = $conn->query("SELECT * FROM `users` WHERE id = '".$_SESSION['USER_ID']."'");
							$author = $authorSelect->fetch();
							if($author['role']=="int_author"){								
								$insert=$conn->prepare("UPDATE `news` set `title`=:title,`img_name`=:actual_image_name,`author_id`=:author_id,`physical_author_id`=:physical_author_id,`category_id`=:category,`content`=:content,`description`=:description,`section`=:section,`video`=:video WHERE id=:id");	
								$insert->execute(array('title' => $title, 'actual_image_name'=>$actual_image_name,  'author_id'=>$author_id ,'physical_author_id'=>$physical_author_id,'category'=>$category,'content'=> $content,'description'=> $description,'section'=> $section, 'id'=>$_POST['id'], 'video'=>$video));
							}
							if($author['role']=="tech_editor" || $author['role']=="lang_editor" || $author['role']=="chief_editor"){
								$insert=$conn->prepare("UPDATE `news` set `title`=:title,`img_name`=:actual_image_name,`category_id`=:category,`content`=:content,`description`=:description,`section`=:section,`video`=:video WHERE id=:id");	
								$insert->execute(array('title' => $title, 'actual_image_name'=>$actual_image_name,  'category'=>$category,'content'=> $content,'description'=> $description,'section'=> $section, 'id'=>$_POST['id'], 'video'=>$video));
							}

								
							if($insert){
								move_uploaded_file($tmp, $path.$actual_image_name);
								
							if($author['role']=="int_author"){
								header("location:../news.php?update=success");
							}
							if($author['role']=="tech_editor"){
								header("location:../news_tech_editor.php?update=success");
							}
							if($author['role']=="lang_editor"){
								header("location:../news_lang_editor.php?update=success");
							}
							if($author['role']=="chief_editor"){
								header("location:../news_chief_editor.php?update=success");
							}
								exit();

							}
							else{
								if($author['role']=="int_author"){
								header("location:../news.php?update=fail");
							}
							if($author['role']=="tech_editor"){
								header("location:../news_tech_editor.php?update=fail");
							}
							if($author['role']=="lang_editor"){
								header("location:../news_lang_editor.php?update=fail");
							}
							if($author['role']=="chief_editor"){
								header("location:../news_chief_editor.php?update=fail");
							}
							exit();
							}
						}
						else
						{echo "Image file size max 1 MB";$r=88;}					
						}
						else
						{echo "Invalid file format..";$r=99;}	
				}
				else{
								$authorSelect = $conn->query("SELECT * FROM `users` WHERE id = '".$_SESSION['USER_ID']."'");
							$author = $authorSelect->fetch();
							if($author['role']=="int_author"){								
								$insert=$conn->prepare("UPDATE `news` set `title`=:title,`author_id`=:author_id,`physical_author_id`=:physical_author_id,`category_id`=:category,`content`=:content,`description`=:description,`section`=:section,`video`=:video WHERE id=:id");	
								$insert->execute(array('title' => $title,   'author_id'=>$author_id ,'physical_author_id'=>$physical_author_id,'category'=>$category,'content'=> $content,'description'=> $description,'section'=> $section, 'id'=>$_POST['id'], 'video'=>$video));
							}
							if($author['role']=="tech_editor" || $author['role']=="lang_editor"|| $author['role']=="chief_editor"){
								$insert=$conn->prepare("UPDATE `news` set `title`=:title,`category_id`=:category,`content`=:content,`description`=:description,`section`=:section,`video`=:video WHERE id=:id");	
								$insert->execute(array('title' => $title,  'category'=>$category,'content'=> $content,'description'=> $description,'section'=> $section, 'id'=>$_POST['id'], 'video'=>$video));
							}

								
							if($insert){
								move_uploaded_file($tmp, $path.$actual_image_name);
								
							if($author['role']=="int_author"){
								header("location:../news.php?update=success");
							}
							if($author['role']=="tech_editor"){
								header("location:../news_tech_editor.php?update=success");
							}
							if($author['role']=="lang_editor"){
								header("location:../news_lang_editor.php?update=success");
							}
							if($author['role']=="chief_editor"){
								header("location:../news_chief_editor.php?update=success");
							}
								exit();

							}
							else{
								if($author['role']=="int_author"){
								header("location:../news.php?update=fail");
							}
							if($author['role']=="tech_editor"){
								header("location:../news_tech_editor.php?update=fail");
							}
							if($author['role']=="lang_editor"){
								header("location:../news_lang_editor.php?update=fail");
							}
							if($author['role']=="chief_editor"){
								header("location:../news_chief_editor.php?update=success");
							}
							exit();
							}				}
			?>